Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance. Project price only 1 $
You can buy this project and download/modify it how often you want.
/*******************************************************************************
* Cloud Foundry
* Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved.
*
* This product is licensed to you under the Apache License, Version 2.0 (the "License").
* You may not use this product except in compliance with the License.
*
* This product includes a number of subcomponents with
* separate copyright notices and license terms. Your use of these
* subcomponents is subject to the terms and conditions of the
* subcomponent's license, as noted in the LICENSE file.
*******************************************************************************/
package org.cloudfoundry.identity.uaa.oauth;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.approval.Approval;
import org.cloudfoundry.identity.uaa.approval.ApprovalStore;
import org.cloudfoundry.identity.uaa.authentication.Origin;
import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants;
import org.cloudfoundry.identity.uaa.scim.ScimGroup;
import org.cloudfoundry.identity.uaa.scim.ScimGroupProvisioning;
import org.cloudfoundry.identity.uaa.zone.ClientServicesExtension;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.stereotype.Controller;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.SessionAttributes;
import org.springframework.web.bind.support.SessionStatus;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.WebRequest;
import javax.servlet.http.HttpServletRequest;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
/**
* Controller for retrieving the model for and displaying the confirmation page
* for access to a protected resource.
*
* @author Dave Syer
*/
@Controller
@SessionAttributes("authorizationRequest")
public class AccessController {
protected final Log logger = LogFactory.getLog(getClass());
private static final String SCOPE_PREFIX = "scope.";
private ClientServicesExtension clientDetailsService;
private Boolean useSsl;
private ApprovalStore approvalStore = null;
private ScimGroupProvisioning groupProvisioning;
/**
* Explicitly requests caller to point back to an authorization endpoint on
* "https", even if the incoming request is
* "http" (e.g. when downstream of the SSL termination behind a load
* balancer).
*
* @param useSsl the flag to set (null to use the incoming request to
* determine the URL scheme)
*/
public void setUseSsl(Boolean useSsl) {
this.useSsl = useSsl;
}
public void setClientDetailsService(ClientServicesExtension clientDetailsService) {
this.clientDetailsService = clientDetailsService;
}
public void setApprovalStore(ApprovalStore approvalStore) {
this.approvalStore = approvalStore;
}
public ScimGroupProvisioning getGroupProvisioning() {
return groupProvisioning;
}
public AccessController setGroupProvisioning(ScimGroupProvisioning groupProvisioning) {
this.groupProvisioning = groupProvisioning;
return this;
}
@RequestMapping("/oauth/confirm_access")
public String confirm(Map model, final HttpServletRequest request, Principal principal,
SessionStatus sessionStatus) throws Exception {
if (!(principal instanceof Authentication)) {
sessionStatus.setComplete();
throw new InsufficientAuthenticationException(
"User must be authenticated with before authorizing access.");
}
AuthorizationRequest clientAuthRequest = (AuthorizationRequest) model.remove("authorizationRequest");
if (clientAuthRequest == null) {
model.put("error",
"No authorization request is present, so we cannot confirm access (we don't know what you are asking for).");
// response.sendError(HttpServletResponse.SC_BAD_REQUEST);
}
else {
String clientId = clientAuthRequest.getClientId();
BaseClientDetails client = (BaseClientDetails) clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId());
// TODO: Need to fix the copy constructor to copy additionalInfo
BaseClientDetails modifiableClient = new BaseClientDetails(client);
modifiableClient.setClientSecret(null);
model.put("auth_request", clientAuthRequest);
model.put("redirect_uri", getRedirectUri(modifiableClient, clientAuthRequest));
Map additionalInfo = client.getAdditionalInformation();
String clientDisplayName = (String) additionalInfo.get(ClientConstants.CLIENT_NAME);
model.put("client_display_name", (clientDisplayName != null)? clientDisplayName : clientId);
// Find the auto approved scopes for this clients
Set autoApproved = client.getAutoApproveScopes();
Set autoApprovedScopes = new HashSet<>();
if (autoApproved != null) {
if(autoApproved.contains("true")) {
autoApprovedScopes.addAll(client.getScope());
} else {
autoApprovedScopes.addAll(autoApproved);
}
}
List filteredApprovals = new ArrayList();
// Remove auto approved scopes
List approvals = approvalStore.getApprovals(Origin.getUserId((Authentication)principal), clientId, IdentityZoneHolder.get().getId());
for (Approval approval : approvals) {
if (!(autoApprovedScopes.contains(approval.getScope()))) {
filteredApprovals.add(approval);
}
}
ArrayList approvedScopes = new ArrayList();
ArrayList deniedScopes = new ArrayList();
for (Approval approval : filteredApprovals) {
switch (approval.getStatus()) {
case APPROVED:
approvedScopes.add(approval.getScope());
break;
case DENIED:
deniedScopes.add(approval.getScope());
break;
default:
logger.error("Encountered an unknown scope. This is not supposed to happen");
break;
}
}
ArrayList undecidedScopes = new ArrayList();
// Filter the scopes approved/denied from the ones requested
for (String scope : clientAuthRequest.getScope()) {
if (!approvedScopes.contains(scope) && !deniedScopes.contains(scope)
&& !autoApprovedScopes.contains(scope)) {
undecidedScopes.add(scope);
}
}
List